Kazuar: Multiplatform Espionage Backdoor with API Access
Tags
Common Information
| Type | Value |
|---|---|
| UUID | b354a408-d9be-4f57-b8d2-5bd0571ab209 |
| Fingerprint | 749818932abb9781 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 3, 2017, 11:08 a.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Kazuar: Multiplatform Espionage Backdoor with API Access |
| Title | Kazuar: Multiplatform Espionage Backdoor with API Access |
| Detected Hints/Tags/Attributes | 86/2/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | gaismustudija.lv |
|
| Details | Domain | 2 | hcdh-tunisie.org |
|
| Details | Domain | 2 | www.gallen.fi |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | osversion.pl |
|
| Details | File | 1 | atform.pl |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 1 | kontakti.php |
|
| Details | File | 1 | gzencode.php |
|
| Details | sha256 | 2 | 8490daab736aa638b500b27c962a8250bbb8615ae1c68ef77494875ac9d2ada2 |
|
| Details | sha256 | 2 | b51105c56d1bf8f98b7e924aa5caded8322d037745a128781fa0bc23841d1e70 |
|
| Details | sha256 | 2 | bf6f30673cf771d52d589865675a293dc5c3668a956d0c2fc0d9403424d429b2 |
|
| Details | sha256 | 2 | cd4c2e85213c96f79ddda564242efec3b970eded8c59f1f6f4d9a420eb8f1858 |
|
| Details | Url | 1 | http://gaismustudija.lv/wp-includes/pomo/kontakti.php |
|
| Details | Url | 1 | http://hcdh-tunisie.org/wp-includes/simplepie/gzencode.php |
|
| Details | Url | 1 | http://www.gallen.fi/wp-content/gallery |
|
| Details | Windows Registry Key | 1 | HKCURUN |